krb5 commit: Port pkinit debug code to OpenSSL 1.1.0 API

Greg Hudson ghudson at mit.edu
Mon Apr 10 12:55:04 EDT 2017 

https://github.com/krb5/krb5/commit/0daf1d9750b8e6f96f51261bbec87c5eb51c0598
commit 0daf1d9750b8e6f96f51261bbec87c5eb51c0598
Author: Jakub Jelen <jjelen at redhat.com>
Date:   Thu Mar 16 16:39:46 2017 +0100

    Port pkinit debug code to OpenSSL 1.1.0 API
    
    [ghudson at mit.edu: added intermediate variables to simplify code]

 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 8bd8aa5..b583ff0 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -3572,12 +3572,14 @@ openssl_callback(int ok, X509_STORE_CTX * ctx)
 {
 #ifdef DEBUG
     if (!ok) {
+        X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+        int err = X509_STORE_CTX_get_error(ctx);
+        const char *errmsg = X509_verify_cert_error_string(err);
         char buf[DN_BUF_LEN];
 
-        X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, sizeof(buf));
+        X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
         pkiDebug("cert = %s\n", buf);
-        pkiDebug("callback function: %d (%s)\n", ctx->error,
-                 X509_verify_cert_error_string(ctx->error));
+        pkiDebug("callback function: %d (%s)\n", err, errmsg);
     }
 #endif
     return ok;

More information about the cvs-krb5 mailing list